Inclusion of Sensitive Information in Log Files in NetIQ Identity Manager - CVE-2017-7434

 


Published: January 12, 2023


Vulnerability identifier: #VU71128
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7434
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
NetIQ Identity Manager
Software vendor:
OpenText

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the JDBC driver of NetIQ Identity Manager sends out an incorrect XML configuration, which can result in passwords being written to exception log files.


Remediation

Install updates from the vendor's website.
